Allow filtering by remote addresses (#52)

* Added the possibility to define rules for remote addresses

* Added change in changelog

* Added check for X-Real-Ip and X-Forwarded-For when checking for remote address filtering

* cmd/anubis: refine IP filtering logic

* Optimize the configuration so that the IP trie is created once at
  application start instead of dynamically being created every request.
* Document the changes in the changelog and docs site.
* Allow pure IP range filtering.
* Allow user agent based IP range filtering.
* Allow path based IP range filtering.
* Create --debug-x-real-ip-default flag for testing Anubis locally
  without a HTTP load balancer.

---------

Co-authored-by: Xe Iaso <me@xeiaso.net>

1 files changed, 18 insertions, 3 deletions

diff --git a/internal/headers.go b/internal/headers.go
index 47aa2cc..1de845d 100644
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -1,6 +1,7 @@
 package internal
 
 import (
+	"log/slog"
 	"net/http"
 
 	"github.com/TecharoHQ/anubis"
@@ -8,13 +9,27 @@ import (
 
 // UnchangingCache sets the Cache-Control header to cache a response for 1 year if
 // and only if the application is compiled in "release" mode by Docker.
-func UnchangingCache(h http.Handler) http.Handler {
+func UnchangingCache(next http.Handler) http.Handler {
 	if anubis.Version == "devel" {
-		return h
+		return next
 	}
 
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Cache-Control", "public, max-age=31536000")
-		h.ServeHTTP(w, r)
+		next.ServeHTTP(w, r)
+	})
+}
+
+// DefaultXRealIP sets the X-Real-Ip header to the given value if and only if
+// it is not an empty string.
+func DefaultXRealIP(defaultIP string, next http.Handler) http.Handler {
+	if defaultIP == "" {
+		slog.Debug("skipping middleware, defaultIP is empty")
+		return next
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		r.Header.Set("X-Real-Ip", defaultIP)
+		next.ServeHTTP(w, r)
 	})
 }